SAN FRANCISCO (NEXSTAR) — Apple disclosed serious security vulnerabilities Wednesday for iPhones, iPads and Macs. The software flaws could potentially allow attackers to take complete control of these devices, Apple said in two security reports.
On Wednesday, Apple posted a security update for iOS 15.6.1 and iPadOS 15.6.1 after investigating two vulnerabilities that could lead to “arbitrary code execution.” The same day Apple also issued a security update for macOS Monterey users.
Apple’s explanation of the vulnerabilities means a hacker could get “full admin access to the device” so that they can “execute any code as if they are you, the user,” said Rachel Tobac, CEO of SocialProof Security.
The vulnerabilities were detected in the webkit, which is the web browser engine, and the kernel, which is essentially the core of the operating system.
On Thursday, Apple also issued a security update for macOS Big Sur and macOS Catalina to prevent “maliciously crafted web content” on Safari that could leave devices vulnerable to attacks.
The company said in all cases it was aware of a report claiming the issues had been “actively exploited.”
Security experts have advised users to update affected devices — the iPhones 6S and later models; several models of the iPad, including the 5th generation and later, all iPad Pro models and the iPad Air 2; and Mac computers running MacOS Monterey. It also affects some iPod models.
“If you are using an iOS device, make sure that you update as soon as you can,” tweeted cybersecurity researcher Sean Wright.
Journalists, activists, people targeted by nation states and others who may face outside threats should update immediately, according to Tobac. Others should also update their devices, she added, at least by the end of the day.
Apple’s explanation of the vulnerability means a hacker could get “full admin access to the device” so that they can “execute any code as if they are you, the user,” said Rachel Tobac, CEO of SocialProof Security.
The Associated Press contributed to this report.